Quote:
PHP runs with safe mode so there is no way to run system commands through the web app.
How many systems have been compromised in a manner that wasn't supposed to be possible?
How many zero-day exploits have been found after a vulnerability had been in the code for years?
Here at LQ security we have even been on the forefront, investigating previously unknown vulnerabilities. Take the recent Exim privilege elevation vulnerability for example.
Running things like PHP safe mode and ModSecurity do help, but they are certainly not impregnable. It is foolish to think otherwise.